Speaking of Standards…

April 30, 2009

I continue to follow with interest the work that Neil MacDonald from Gartner is doing as he examines trends in physical and virtual security methods and trends.

Here is his latest blog reporting on some observations gleaned from RSA around virtualization and security. Good stuff, Neil.

http://blogs.gartner.com/neil_macdonald/2009/04/23/rsa-and-virtualization-security/

I lock onto these things partially just because I am a geek at heart, and because I think it is fascinating to watch, ponder, and hopefully contribute something of value to the effort along the way. And I also believe that the Physical to Virtual IT transition point presents an excellent opportunity to “think differently”. I posted my thoughts on that in Neil’s latest blog.

And also because it is just freakin’ important to get these IT systems working better. You see, I have this silly (and perhaps old-fashioned) notion of leaving the world a better place than I found it for my part in it.
And the only way I know how to do that is to work with a world-class team (like the one we have here at SignaCert) and to challenge the status quo day-in and day-out. And the only technology and discipline area that I know well is Information Technology security and systems management.
So here we are…

We’ll keep hammering on this with our friends, colleagues and trusted partners. With enough effort and will, even the biggest rocks can be moved.

Wyatt.


A Standards-based approach

April 24, 2009

A few months ago a bunch of my friends and colleagues decided to do something crazy:

To collaborate and write a book pooling collective knowledge, experience and vision around the state of the security and information assurance business.

My good friend Carlos Solari took the lead (he really did the heavy lifting regardless of the exceptionally generous, “About the Contributors” intro).

After a ton of work on long plane flights, and many lost weekends, the book is complete and was published at the RSA 2009 conference this week.

We’d enjoy your input and comments.

Here is a PDF of the intro:

http://www.signacert.com/resources/downloads/Security_Book_Intro.pdf

And here is a link to Amazon.com where you can buy a hardback copy:

http://www.amazon.com/Security-Web-2-0-World-Standards-Based/dp/0470745754/ref=sr_1_1?ie=UTF8&s=books&qid=1240590998&sr=1-1

With special thanks to Carlos and the entire team for their dedication to this book project, and for the passion they show every day to improve the discipline of our field.


SignaCert Announcement relating to Microsoft at RSA

April 21, 2009

Today at RSA we announced a significant “arrangement” with Microsoft.  We also participated in the Microsoft Theater (link to presentation coming soon).

Obviously this is a big deal for us, but that is not why I am writing this blog entry.

This blog is titled “IT in Transition” and if this isn’t transitional, I don’t know what is.  From the release:

“This is a very important step in enabling much better trust, security and management solutions for Microsoft customers.  It underscores the ongoing commitment of Microsoft to provide expanded object reputation services within its products and services as new security standards and methods evolve,” said Greg Kohanim, Product Unit Manager of Microsoft. “As an ISV, Microsoft is proud to extend this common repository with its own information to enable the industry to increase security across the board.”

Thank you Mr. Kohanim.

Also from the release:

“Software whitelisting is becoming strategic for protecting compute devices. Who builds and maintains the list is one of the more significant issues,” said Neil MacDonald, VP and Gartner Fellow.  “Since ISVs are the source of much of the software (including the OS foundation), it makes sense to have the worldwide ISV community contribute, in a standard way, to a whitelist that has the broadest adoption and impact versus the complexity involved in building or contributing to proprietary databases.”

And thank you for your contributions Mr. MacDonald.  The insight around important IT trends, and identified “no brainers” in your blog posts are spot-on IMHO.

Here are the main elements of the arrangement, without the required p/r marketing spin:

  • SignaCert to deliver rich content services with direct-from-Microsoft software measurements
  • Microsoft to deliver products with known-provenance, cross-platform third-party content aggregated by SignaCert
  • Data Exchange Format to be made available for ISV/OEM Partner use

Thank you Microsoft.

We are very proud to have been selected as a key partner for Microsoft, and it is a tribute to the work of countless people who have supported and encouraged us to continue our work in these important areas for the last decade or so.  And thanks to all of our investors for the support of the vision and product creation.

Now the work really begins.

Stay tuned.
Wyatt.


Gartner and Whitelists

April 11, 2009

Sorry for the long hiatus from the blog pages.  We have a series of press releases rolling out in the next several weeks (off of the one we posted about our 3.0 solution release this week).  Hopefully I can point to the work in those releases as my excuse for not blogging on important IT transitional issues over the last several weeks. 🙂

But I have actually done a comment or two.  Check out these threads on the Gartner site.  I think you’ll find them of interest:

http://blogs.gartner.com/neil_macdonald/2009/03/31/will-whitelisting-eliminate-the-need-for-antivirus/

http://blogs.gartner.com/neil_macdonald/2009/04/03/we-need-a-global-industry-wide-application-whitelist/

http://blogs.gartner.com/neil_macdonald/2009/04/10/whitelisting-meet-virtualization-virtualization-meet-whitelisting/